hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into post-release-prep/codeql-cli-2.15.1

Browse Source
This commit is contained in:
Dave Bartolomeo
2023-10-19 12:14:07 -04:00
committed by GitHub
parent 8dcd8b9e5b 2a1ca637fd
commit 712f7758cf
120 changed files with 15279 additions and 5082 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
View File

@@ -12,11 +12,8 @@
*/
import java
import semmle.code.java.security.SpringCsrfProtection
from MethodAccess call
where
call.getMethod().hasName("disable") and
call.getReceiverType()
.hasQualifiedName("org.springframework.security.config.annotation.web.configurers",
"CsrfConfigurer<HttpSecurity>")
where disablesSpringCsrfProtection(call)
select call, "CSRF vulnerability due to protection being disabled."

4
java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.